  1. General information

    1. Important announcements

      Important announcements and the forum rules. Read the rules before posting.

      12.4k
      posts
    2. Welcome

      Welcome to the Romanian Security Team forum; you can introduce yourself here (optional)

      18.2k
      posts
    3. RST Projects

      Here you can find all the programs, tutorials, methods and exploits created by RST members

      4.4k
      posts
  2. Technical section

    1. Exploits

      The latest exploits, PoCs or shellcodes

      7.4k
      posts
    2. Challenges (CTF)

      Challenges - Wargames, for CTF enthusiasts

      9.6k
      posts
    3. Bug Bounty

      Category for discussions about sites that run a Bug Bounty program through which they reward people who report vulnerabilities to them

      2.2k
      posts
    4. Programming

      The programmers' corner: C/C++, Visual Basic, .NET, Java, ASM, Shell scripting, Perl, Python

      22.8k
      posts
    5. Web security

      Tutorials and discussions about web application security

      691
      posts
    6. Reverse engineering & exploit development

      Tutorials on malware analysis, samples, source code, useful programs, reverse engineering and exploit development

      2k
      posts
    7. Mobile security

      Discussions about mobile phones, rooting, jailbreaking etc.

      12.6k
      posts
    8. Operating systems and hardware discussions

      Discussions on hardware, Windows, Unix, BSD etc.

      7.6k
      posts
    9. Electronics

      General discussions about electronics

      2.6k
      posts
    10. Wireless Pentesting

      Wardriving area, WiFi, Bluetooth and GSM hacking

      3.8k
      posts
    11. Black SEO & monetization

      Tips & tricks, questions, monetization

      8.7k
      posts
  3. Programs

    1. Hacking programs

      Post utilities here such as sniffers, bruteforcers, fuzzers etc. Do not make requests here.

      27.9k
      posts
    2. Security programs

      Post programs here such as firewalls, antivirus software and similar programs

      2.8k
      posts
    3. Useful programs

      Programs that do not fit in the other sections: hacking or security

      12k
      posts
    4. Free stuff

      Various useful things, excluding roots, SMTPs, VPSes etc.

      8.7k
      posts
  4. General discussions

    1. RST Market

      Any sale/purchase related to online/banking fraud or unauthorized access is punished with a permanent ban! Minimum 50 posts for access!

      23.7k
      posts
    2. Off-topic

      Discussions on various topics, discussions that do not fit in the other categories. IT-related discussions only!

      137.6k
      posts
    3. Beginner discussions

      If you are a beginner, have a simple question or want to learn more about a field, this is the right section

      3.2k
      posts
    4. Security news

      News from the IT security field

      20.4k
      posts
    5. Links

      Post only security-related links here!

      9.4k
      posts
    6. Trash bin

      All topics that have drifted off topic will be moved here.

      44.9k
      posts
  • Topics

  • Posts

    • Long story short: (Breachsense) Meanwhile, on the Ransomhub Tor site (unverified) the timer has been reset to 23h, although in the initial article it was at 3 days.   Data Breach Report: Victim: nttdata.ro | Threat Actor: Ransomhub | Date Discovered: Jul 02, 2024 | Description: NTT Data Corporation is a Japanese multinational information technology service and consulting company headquartered in Tokyo. | Leak Size: 230GB   News article: Japan's NTT Data says Romania unit suffered unauthorised access   Japan's NTT Data Group said on Wednesday its Romania unit was hit by an instance of unauthorised access in June. The company is investigating how the access, which occurred on June 14, happened and whether information was leaked, a spokesperson said. NTT Data said the access was detected on an old network that the Romanian unit was no longer using as its main network. It had acquired all of the shares in a Romanian information technology service company in 2013 to make it a subsidiary. Shares of NTT Data fell as much as 6.55% on Wednesday compared with a 1.26% gain in the benchmark Nikkei index.   Source
    • Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors.   The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) to bypass existing defenses and compromise the security of the CPUs.   "The Indirect Branch Predictor (IBP) is a hardware component in modern CPUs that predicts the target addresses of indirect branches," the researchers noted.   "Indirect branches are control flow instructions whose target address is computed at runtime, making them challenging to predict accurately. The IBP uses a combination of global history and branch address to predict the target address of indirect branches."   The idea, at its core, is to identify vulnerabilities in IBP to launch precise Branch Target Injection (BTI) attacks – aka Spectre v2 (CVE-2017-5715) – which target a processor's indirect branch predictor to result in unauthorized disclosure of information to an attacker with local user access via a side-channel.   This is accomplished by means of a custom tool called iBranch Locator that's used to locate any indirect branch, followed by carrying out precision targeted IBP and BTP injections to perform speculative execution.   Intel, which was made aware of the findings in February 2024, has since informed other affected hardware/software vendors about the issue.   As mitigations, it's recommended to make use of the Indirect Branch Predictor Barrier (IBPB) more aggressively and harden the Branch Prediction Unit (BPU) design by incorporating more complex tags, encryption, and randomization.   
The research comes as Arm CPUs have been found susceptible to a speculative execution attack of their own called TIKTAG that targets the Memory Tagging Extension (MTE) to leak data with over a 95% success rate in less than four seconds.   The study "identifies new TikTag gadgets capable of leaking the MTE tags from arbitrary memory addresses through speculative execution," researchers Juhee Kim, Jinbum Park, Sihyeon Roh, Jaeyoung Chung, Youngjoo Lee, Taesoo Kim, and Byoungyoung Lee said.   "With TikTag gadgets, attackers can bypass the probabilistic defense of MTE, increasing the attack success rate by close to 100%." In response to the disclosure, Arm said "MTE can provide a limited set of deterministic first line defenses, and a broader set of probabilistic first line defenses, against specific classes of exploits."   "However, the probabilistic properties are not designed to be a full solution against an interactive adversary that is able to brute force, leak, or craft arbitrary Address Tags."   Source: https://thehackernews.com/2024/07/new-intel-cpu-vulnerability-indirector.html
    • Telegram, man, if you want to learn something.
    • I don't know what this is about, but this "dark web" struck me as garbage. I went on it myself years ago, hoping to learn things about security, but it's full of clueless kids.
    • Can someone tell me what the deal is with this site? Is it something related to the dark internet? If so, I'd like you to point me to links to more sites like it! Thanks in advance!👻
    • A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks.   The vulnerabilities allow "any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and macOS applications," E.V.A Information Security researchers Reef Spektor and Eran Vaknin said in a report published today.   The Israeli application security firm said the three issues have since been patched by CocoaPods as of October 2023. It also resets all user sessions at the time in response to the disclosures.   One of the vulnerabilities is CVE-2024-38368 (CVSS score: 9.3), which makes it possible for an attacker to abuse the "Claim Your Pods" process and take control of a package, effectively allowing them to tamper with the source code and introduce malicious changes. However, this required that all prior maintainers have been removed from the project.   The roots of the problem go back to 2014, when a migration to the Trunk server left thousands of packages with unknown (or unclaimed) owners, permitting an attacker to use a public API for claiming pods and an email address that was available in the CocoaPods source code ("unclaimed-pods@cocoapods.org") to take over control.   The second bug is even more critical (CVE-2024-38366, CVSS score: 10.0) and takes advantage of an insecure email verification workflow to run arbitrary code on the Trunk server, which could then be used to manipulate or replace the packages.     Also identified in the service is a second problem in the email address verification component (CVE-2024-38367, CVSS score: 8.2) that could entice a recipient into clicking on a seemingly-benign verification link, when, in reality, it reroutes the request to an attacker-controlled domain in order to gain access to a developer's session tokens.   
Making matters worse, this can be upgraded into a zero-click account takeover attack by spoofing an HTTP header – i.e., modifying the X-Forwarded-Host header field – and taking advantage of misconfigured email security tools.   "We have found that almost every pod owner is registered with their organizational email on the Trunk server, which makes them vulnerable to our zero-click takeover vulnerability," the researchers said.   This is not the first time CocoaPods has come under the scanner. In March 2023, Checkmarx revealed that an abandoned sub-domain associated with the dependency manager ("cdn2.cocoapods[.]org") could have been hijacked by an adversary via GitHub Pages with an aim to host their payloads.   Source: https://thehackernews.com/2024/07/critical-flaws-in-cocoapods-expose-ios.html
    • regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server   Bharat Jogi, Senior Director, Threat Research Unit, Qualys   July 1, 2024   The Qualys Threat Research Unit (TRU) has discovered a Remote Unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems; that presents a significant security risk. This race condition affects sshd in its default configuration. Based on searches using Censys and Shodan, we have identified over 14 million potentially vulnerable OpenSSH server instances exposed to the Internet. Anonymized data from Qualys CSAM 3.0 with External Attack Surface Management data reveals that approximately 700,000 external internet-facing instances are vulnerable. This accounts for 31% of all internet-facing instances with OpenSSH in our global customer base. Interestingly, over 0.14% of vulnerable internet-facing instances with OpenSSH service have an End-Of-Life/End-Of-Support version of OpenSSH running.
In our security analysis, we identified that this vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, which was reported in 2006. A regression in this context means that a flaw, once fixed, has reappeared in a subsequent software release, typically due to changes or updates that inadvertently reintroduce the issue. This incident highlights the crucial role of thorough regression testing to prevent the reintroduction of known vulnerabilities into the environment. This regression was introduced in October 2020 (OpenSSH 8.5p1).   Full article: https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server
    • Probably a mini-PC/Raspberry with Linux and some Python for controlling the camera and the movement commands, plus a hardware part with something similar to an Arduino but 32-bit, for speed and smoother control over everything related to motors and movement.
    • ...for variety, the Batwing antenna... https://www.wifi-antennas.com/topic/694-batwing-antenna-24-ghz/?page=1
    • I wasn't expecting him to be American, but rather from a country where they don't worry much about laws (at least the ones concerning keyboards and mice).